When configure SharePoint Single Sign-On (SSO), sometimes you’ll get “You do not have the rights to perform this operation.” error message on the “Manage Settings for Single Sign-On” page and subsequently “User DOMAIN\USERID failed to configure the single sign-on server. The error returned was ERROR NUMBER. Verify this account has sufficient permissions and try again.” error message is displayed in the Windows Event Viewer and SharePoint Log.

To fix this issue, you have to make sure “Single Sign-On Administrator Account” account name to start the Microsoft Single Sign-On ServiceMUST meet all of the following:

Must be a domain user account. It cannot be a group account.

The user must be a member of Domain Admins and Domain Users

Must be an Office SharePoint Server farm account

Go to Central Administration > Operations, then click on the “Update farm administrator's group” link to add the user to farm administrator group.

Must be a member of the local Administrators group on the encryption-key server

The encryption-key server is the first server on which you start SSOSrv

Must be a member of the Security Administrators role and Database Creators role on the computer running Microsoft SQL Server.

Also most important setting is to MAKE SURE, the same “Single Sign-On Administrator Account” account name is used at both “Manage Server Settings for Single Sign-On” page and “Service Accounts” page as shown below:

To consume SPMenuField token values, you must specify token name within the % sign as shown below:

“%TOKEN_NAME%” OR “%KEYWEBSITE%”

As shown in code example above, ObjectDataSource control require “SelectData” method. You need to create a public method SelectData which returns a System.Data.DataTable – a dummy data which has three (3) columns which are “Name”, “Email” and “WebSite”. See below:

Friday, July 17, 2009

When you attempt to develop a Web Part that uses an SPGridView control, you’ll notice the following differences to your SPGridView look and feel compared to the out of the box SharePoint List View:

SPGridView font type is Verdana, out of the box SharePoint List View font type is Tahoma

Font size and colour different

No alternating styles for items

Header style, pager styles, etc.

Screenshot below shows the differences:

If you’re good in CSS and HTML, then you’ll find CSS Reference Chart for SharePoint 2007 is helpful and you should be able to change your SPGridView styles to have the same look and feel of of the out of the box SharePoint List View.

Thursday, July 16, 2009

If you are building a custom Web Part to upload document to SharePoint Document Library, then you need to validate user’s base permission so that unauthorised user can’t perform upload. You can’t validate based on their permission levels since at anytime base permissions of any permission level can be changed by administrator. Plus, in object model there is no specific method to get the permission level or what permission level assigned to a group or a user.

This article describes how to perform document upload to SharePoint and validate user base permissions so that only authorized users are able to perform the upload.

In SharePoint, the out-of-the-box permission level allowed user with "Contribute" permission level or higher (i.e. "FullControl", "Design", "ManageHierarchy" and "Approve") to upload document to SharePoint. The following code displays the base permissions for each permission level:

Tuesday, July 14, 2009

If you want to display “Open tool pane” link in Web Part for SharePoint, just like the one displayed in the Content Editor Web Part and several others out-of-the-box Web Parts. Then add the following JavaScript code to your Web Part class: